Forum Discussion

Pix_R's avatar
Pix_R
Level 5
2 years ago

Data Insight - CVE-2022-42889 vulnerability in Apache Commons Text, dubbed "Text4Shell"

Is DI vulnerable to the newly disclosed vulnerability?

This is not log4shell and is a new disclosure.

 

Thank you
Pix

 

 

  • Data Insight does not use the mentioned module in the Apache Commons Text library. Hence DI is not impacted by this Remote Code Execution (RCE) vulnerability. However, we always recommend customers go with the latest DI version upgrade, as it contains security upgrades and fixes. Please reach out to your support engineer for more details and an official response. 

    I often refrain from commenting on the issues here, which have "Open\In-progress" veritas support cases under investigation, but this was important. 

  • Data Insight does not use the mentioned module in the Apache Commons Text library. Hence DI is not impacted by this Remote Code Execution (RCE) vulnerability. However, we always recommend customers go with the latest DI version upgrade, as it contains security upgrades and fixes. Please reach out to your support engineer for more details and an official response. 

    I often refrain from commenting on the issues here, which have "Open\In-progress" veritas support cases under investigation, but this was important. 

  • Thank you Manoj. I did open a case as I needed an official statement.

    I appreciate the quick response.